Adam Gluck, founder and CEO of Copia Automation, joins the Claroty Nexus podcast to discuss the need for DevOps within industrial automation. DevOps practices are popping up more frequently in these environments, but there are still hurdles and challenges for developers and engineers to overcome. Adam covers those, and explains how DevOps can improve disaster recovery, lessen the introduction of vulnerabilities in new code, and mitigate risk by being proactive about reviewing code changes as they happen rather than later in the development lifecycle.  ..read more

Greg Garcia, the executive director of the Healthcare and Public Health Sector Coordinating Council’s Cybersecurity Working Group, joins the Claroty Nexus podcast to discuss the Change Healthcare ransomware attack and what can be done from a policy perspective to minimize the impact of such attacks in the future. Garcia has had a long career on the policy side of cybersecurity, and was the first presidentially appointed Assistant Secretary for Cybersecurity at the Department of Homeland Security. In this episode, he discusses where organizations are in terms of recovery from the impacts of th ..read more

Noam Moshe of Claroty Team82 is back to answer more listener questions about OT vulnerability research, threats and risks to OT networks and IoT devices, and the best mitigation and remediation strategies for defenders. This is a follow-up podcast to an episode we recorded in December answering listener questions. You can listen to that episode here ..read more

Phlow Corp., CIO Juan Piacquadio joins the Claroty Nexus podcast to discuss the application of Industry 4.0 to pharmaceuticals, also known as Pharma 4.0. The industry is quickly adopting advanced technologies such as artificial intelligence, digital twins, and augmented reality to enhance the development of medicine and improve patient care. Along with that expansion of capabilities comes a wider attack surface, and Piacquadio spends a good deal of time explaining not only the threat landscape he envisions, but also how giant pharmaceuticals, the supply chain, and security providers must respo ..read more

David Elfering, CISO at Carrix and former security and risk executive at Marsh, is back for another episode of the Claroty Nexus podcast to discuss cyber liability insurance. Elfering has extensive experience working not only as an enterprise cybersecurity executive, but also with one of the world's leading insurance carriers. Listen as he brings insight on that perspective, how carrier cybersecurity requirements align with risk reduction, red flags that can imperil coverage or claims, and how cyber insurance providers are looking at geopolitical conflict.  ..read more

Team82 researchers Sharon Brizinov and Noam Moshe join the Claroty podcast for a special episode where they answer questions submitted by users. This Ask-Me-Anything style of podcast covers the team's OT and IoT vulnerability research process, resources for experienced and beginner vulnerability researchers, and insights from their point of view on the threat landscape for cyber-physical systems.  ..read more

Nathan Brubaker, Mandiant and Google Cloud Head of Emerging Threats and Analytics, joins the Claroty Nexus podcast for a timely discussion on his team’s report published this week on the Sandworm APT’s activity in Ukraine. Sandworm leveraged a new TTP—Living off the Land techniques—to target a Ukrainian energy company in October 2022 to cause a power outage. That outage also coincided with missile attacks by Russia against critical infrastructure in Ukraine.   Read Mandiant's Sandworm paper here.  ..read more

Don Weber of Cutaway Security joins the Nexus podcast to discuss a trend in control environments where asset operators and engineers keep trained cybersecurity professionals at arm's length, citing safety concerns. As more control systems are connected and managed online, it's critical for certified security professionals to be included in overall safety and reliability activities. Otherwise new risk and vulnerabilities are likely to be introduced. Weber also discusses a new methodology for assessing implementation vulnerabilities within industrial automation and control systems. Read more abo ..read more

Retired Pfizer Chief Information Security Officer Jim Labonty joins the podcast to discuss the operational technology (OT) security stack, and how it differs from IT. This episode provides especially important for the growing number of security leaders who are newly responsible for OT cybersecurity and the safety of cyber-physical systems.  Labonty also shares his experience during his time at Pfizer in securing the development of Pfizer's Covid-19 vaccine, and how not only security of the manufacturing process took top priority, but also supply chain security.  ..read more

A ..read more